TC
/
Zoraxy
espejo de https://git.hkwtc.org/TC/ReverseProxy


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160
							package acme

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"io/ioutil"
	"log"
	"os"
	"path/filepath"
	"time"

	"github.com/go-acme/lego/v4/certcrypto"
	"github.com/go-acme/lego/v4/certificate"
	"github.com/go-acme/lego/v4/challenge/http01"
	"github.com/go-acme/lego/v4/lego"
	"github.com/go-acme/lego/v4/registration"
)

// You'll need a user or account type that implements acme.User
type MyUser struct {
	Email        string
	Registration *registration.Resource
	key          crypto.PrivateKey
}

func (u *MyUser) GetEmail() string {
	return u.Email
}
func (u MyUser) GetRegistration() *registration.Resource {
	return u.Registration
}
func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
	return u.key
}

type ACMEHandler struct {
	email   string
	domains []string
}

func NewACME(email string, domains []string) *ACMEHandler {

	return &ACMEHandler{
		email:   email,
		domains: domains,
	}
}

func (a *ACMEHandler) ObtainCert() {
	log.Println("Obtaining certificate...")

	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		log.Fatal(err)
	}

	adminUser := MyUser{
		Email: a.email,
		key:   privateKey,
	}

	config := lego.NewConfig(&adminUser)

	config.CADirURL = "https://acme-staging-v02.api.letsencrypt.org/directory"
	config.Certificate.KeyType = certcrypto.RSA2048

	client, err := lego.NewClient(config)
	if err != nil {
		log.Println(err)
		return
	}

	err = client.Challenge.SetHTTP01Provider(http01.NewProviderServer("", "5002"))
	if err != nil {
		log.Println(err)
		return
	}

	// New users will need to register
	reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
	if err != nil {
		log.Println(err)
		return
	}
	adminUser.Registration = reg

	request := certificate.ObtainRequest{
		Domains: a.domains,
		Bundle:  true,
	}
	certificates, err := client.Certificate.Obtain(request)
	if err != nil {
		log.Println(err)
		return
	}

	// Each certificate comes back with the cert bytes, the bytes of the client's
	// private key, and a certificate URL. SAVE THESE TO DISK.
	certificateName := ""
	if len(a.domains) == 1 {
		certificateName = certificates.Domain
	} else {
		certificateName = "default"
	}
	err = ioutil.WriteFile("./certs/"+certificateName+".crt", certificates.Certificate, 0777)
	if err != nil {
		log.Println(err)
		return
	}
	err = ioutil.WriteFile("./certs/"+certificateName+".key", certificates.PrivateKey, 0777)

	if err != nil {
		log.Println(err)
		return
	}

	// ... all done.
}

// Return a list of domains where the certificates covers
func (a *ACMEHandler) CheckCertificate() {

	filenames, err := os.ReadDir("./certs/")

	if err != nil {
		log.Println(err)
		return
	}

	for _, filename := range filenames {
		certFilepath := filepath.Join("./certs/", filename.Name())

		certBtyes, err := os.ReadFile(certFilepath)
		if err != nil {
			//Unable to load this file
			continue
		} else {
			//Cert loaded. Check its expire time
			block, _ := pem.Decode(certBtyes)
			if block != nil {
				cert, err := x509.ParseCertificate(block.Bytes)
				if err == nil {
					elapsed := time.Since(cert.NotAfter)
					approxMonths := -int(elapsed.Hours() / (24 * 30.44))
					approxDays := -int(elapsed.Hours()/24) % 30
					if elapsed > 0 {
						log.Println("Certificate", certFilepath, " expired")
					} else {
						log.Println("Certificate", certFilepath, " will still vaild for the next ", approxMonths, "m", approxDays, "d")
					}
				}
			}
		}

	}
}